diff --git a/api/jsonApi.js b/api/jsonApi.js
index 3d3cd17..7393205 100644
--- a/api/jsonApi.js
+++ b/api/jsonApi.js
@@ -3,6 +3,7 @@ const Sequelize = require('sequelize');
 const express = require('express');
 const bodyParser = require('body-parser');
 const { Card, User, DropHistory, Character, Group } = require("../models");
+const { isAuthorized } = require('./middleware/apiKeyAuth');
 const { Op } = require('sequelize');
 
 const ACCESS_TOKEN = process.env.API_ACCESS_TOKEN;
@@ -13,18 +14,6 @@ const PREFIX = '/api/v1';
 
 app.use(bodyParser.json());
 
-function isAuthorized(req, res=null) {
-  const providedToken = req.headers['apikey'];
-  if (providedToken !== ACCESS_TOKEN) {
-    if(res) {
-      res.status(401).json({ error: 'Unauthorized' });
-    }
-    return false;
-  }
-
-  return true;
-}
-
 router.get('/', (req, res) => {
   const routes = router.stack
     .filter(layer => layer.route) // Filter out non-routes
diff --git a/api/middleware/apiKeyAuth.js b/api/middleware/apiKeyAuth.js
new file mode 100644
index 0000000..9b077c8
--- /dev/null
+++ b/api/middleware/apiKeyAuth.js
@@ -0,0 +1,15 @@
+const ACCESS_TOKEN = process.env.API_ACCESS_TOKEN;
+
+function isAuthorized(req, res = null) {
+  const providedToken = req.headers['apikey'];
+  if (providedToken !== ACCESS_TOKEN) {
+    if (res) {
+      res.status(401).json({ error: 'Unauthorized' });
+    }
+    return false;
+  }
+
+  return true;
+}
+
+module.exports = { isAuthorized };
\ No newline at end of file